Budapest WordPress Community Blog

Recent Updates

We learnt a lot about Divi and Dynamik Website Builder last night, thanks to Quentin Delsante and @henscu. And both Elegant Themes (makers of Divi) and Cobalt Apps (makers of Dynamik) were generous and offered some prizes!

Plugin translations

If you’ve had to deal with plugin translations in the past, you know it used to be a cumbersome process: people who translated your plugin had to send you .po and .mo files, and you would commit those files into your plugin’s languages folder in the next release. Things are much easier now, thanks to WordPress.org. All translations happen on translate.wordpress.org. You can contribute to translations for just about any plugin, and as soon as your translations get approved, they’ll be shipped to everyone using the plugin.

Even the readme can be translated, so we’re slowly moving towards a fully localized plugin repository!

Let’s Encrypt

Not WordPress news, but something that will affect everyone with a website. Let’s Encrypt is a new free SSL certificate authority, and is now trusted by all major browsers. Soon they’ll start issuing free SSL certificates to everyone who needs one. They contribute to a safer internet for everyone.

More XML-RPC news

XML-RPC is a feature allowing you to interact with a WordPress site. It’s used by the mobile apps, by plugins like Jetpack, by services like IFTTT, and by many other apps and services.

Since it can be used to publish posts remotely, it’s one of the points of entry hackers like to target. They’ll try to authenticate to your site via XML-RPC, and access your site through there.

Unfortunately, it can be abused, and the Sucuri security firm found that hackers had discovered a new way to abuse that feature. They now use a method named system.multicall to execute multiple methods inside a single request. That means they can test several username / password combinations to get into your site in one single request. Consequently, it’s no longer enough to block clients that make multiple requests to your site’s XML-RPC endpoint in a short period of time; you now have to look at what those requests contain. We’ll cover how to protect yourself against those attacks in my talk, a bit later.
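To illustrate why counting HTTP requests is no longer enough, here is an added example (not from the talk or from Sucuri) that counts the calls wrapped inside each XML-RPC request body and flags clients on that basis. The threshold, size cap, placeholder method name `example.method` and sample traffic are all assumptions constructed for the example.

```python
import xmlrpc.client
from collections import Counter

MAX_BODY = 64 * 1024  # assumed cap on request body size
THRESHOLD = 3         # assumed per-client call budget for one time window

def effective_calls(body):
    """Return how many method calls one XML-RPC request body (str) carries."""
    # XML-RPC needs no DTD; refuse those and oversized bodies before parsing.
    if len(body) > MAX_BODY or "<!DOCTYPE" in body or "<!ENTITY" in body:
        raise ValueError("rejected before parsing")
    try:
        params, method = xmlrpc.client.loads(body)
    except Exception:
        return 1  # malformed body: still one request from this client
    if method == "system.multicall" and params and isinstance(params[0], list):
        return max(1, len(params[0]))  # one per wrapped call
    return 1

def flag_clients(requests, threshold=THRESHOLD):
    """requests: iterable of (client_ip, body). Return clients over budget."""
    totals = Counter()
    for ip, body in requests:
        try:
            totals[ip] += effective_calls(body)
        except ValueError:
            totals[ip] += threshold + 1  # rejected bodies flag the client
    return {ip: n for ip, n in totals.items() if n > threshold}

def sample_multicall(n):
    """Constructed sample: n placeholder calls wrapped in one request."""
    calls = [{"methodName": "example.method", "params": [i]} for i in range(n)]
    return xmlrpc.client.dumps((calls,), methodname="system.multicall")

PLAIN = xmlrpc.client.dumps((1,), methodname="example.method")
SAMPLE = [  # constructed traffic, documentation-range addresses
    ("203.0.113.5", sample_multicall(4)),   # 1 HTTP request, 4 calls
    ("198.51.100.7", PLAIN),                # 2 HTTP requests, 2 calls
    ("198.51.100.7", PLAIN),
]

if __name__ == "__main__":
    print(flag_clients(SAMPLE))
```

A limiter that only counted HTTP requests would rank the second client as the busier one; counting wrapped calls flags the first.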

We had a great meetup (the 3rd one) with lots of valuable information for beginners and experts alike. The presentations were very helpful and generated lots of questions from the attendees and solutions to various issues as well.

During the course of the meetup, I wondered:

What are those top 5 or 10 or 15 plugins that expert WordPress admins always install on the sites after a fresh install?

What are those plugins that you cannot do without and for you are almost like built-in functions on a WordPress site?

So here goes. List the plugins that are your defaults, your go-to plugins, the ones you absolutely must have on your site. I think that this would be very useful for all levels of WordPress users (and is most definitely NOT meant to ignite a flame war).